On April 15, 2014, the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission (the “SEC”) issued a Risk Alert regarding the SEC’s initiative to assess cybersecurity preparedness and threats in the securities industry, including examinations of more than 50 SEC-registered investment advisers and broker-dealers.
The full text of the Risk Alert is available here.
SEC-registered investment advisers should review the Risk Alert, assess their current level of preparedness for cybersecurity threats, and consider whether any changes need to be made to their current cybersecurity policies and procedures. The Risk Alert includes an appendix containing 28 sample information requests that the SEC may send to investment advisers as part of the SEC’s cybersecurity initiative.
In summary, the sample information requests in the Risk Alert appendix cover the following topics:
The sample information requests in the Risk Alert also address compliance with the Identity Theft Red Flag Rules, which came into effect in 2013. For a summary of the Identity Theft Red Flags Rules, see our May 28, 2013 Foley Adviser.